ISBuzz Team

Musk’s Twitter takeover hit a heavy roadblock yesterday. In his hopes of having users pay for verification, it seems Musk caught the attention of looming cyber criminals, hungry to hijack users accounts by impersonating as Twitter support services.  

Dropbox has suffered a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent. “To date, our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers,” Dropbox revealed on Tuesday.

It has been reported that Royal Mail has experienced a data breach where customers have seen the information of other users. A statement on Royal Mail’s Click and Drop status updates website said: “We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customer’s orders.

It has been reported that A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue.

A new phishing campaign is underway to capitalize on the tumult, with hackers attempting to trick users into supplying their Twitter credentials in a Googledoc made to look like a Twitter help page, according to TechCrunch. The page is hosted by a Russian service provider. The phishing email campaign, seen by journalists at TechCrunch and NBC, attempts to lure Twitter users into posting their username and password on an attacker’s website disguised as a Twitter help form.  The email is sent from a Gmail account, and links to a Google Doc with another link to a Google Site, which lets users host web content.…

Today the National Cyber Security Centre revealed that it has issued 34 million cyber alerts in the past year alone. With attacks on the rise, Information security experts argue that AI-enabled strategies must become the beating heart of security measures, if organisations wish to protect their identities, both human and machine, from evolving cyber threats.

It has been reported that the move to the Metaverse, an open-ended collection of digital experiences, environments and assets leveraging virtual technologies, is imminent. Backed by tech giants including Meta, Microsoft and Google, this environment has the potential to change many aspects of everyday life, from education to healthcare.

After warnings were issued, a critical vulnerability discovered in current versions of OpenSSL affecting almost every organisation, will have a patch released today – so patch as soon its available experts say! If you are unaware, OpenSSL is a widely used software library by companies to enable secure network connections and is available for Linux, Windows, macOS, and BSD systems. OpenSSL lets users perform various SSL-related tasks, including Certificate Signing Request (CSR) and private keys generation, and SSL certificate installation.  The Open SSL Project defines a critical vulnerability as affecting: ‘common configurations and which are also likely to be exploitable. Examples include significant disclosure…

With Musk’s takeover finally official, heads are rolling at Twitter. However, there is still little clarity over how he will achieve his lofty ambitions for the social media platform. While some fear the free-speech loving billionaire will turn Twitter into an uninhabitable platform, many experts believe a decentralised approach will finally bring power back to the people. 

Senior U.S. cyber officials had a strong message for big tech Thursday, saying that tech providers, not just buyers, must take responsibility for ensuring their products are protected from cyberattacks. Wall Street Journal: National Cyber Director Chris Inglis … accountability for security must be shared. … the first and last line of defense can’t be the user at the end of that supply chain. We have to push some responsibility along that supply chain…” … technology must be secure by design, so that even if situations such as the Log4j vulnerability do occur, they can be caught and contained at…